There should also be some methods for retrieving Role children. I'm working on those, and will post them here.

Posted by Darby Felton (darby) on 2007-07-31T11:54:22.000+0000

Resources are organized into a tree. Therefore, at most one parent resource can exist for any given resource.

Roles are organized into a directed acyclic graph (DAG). Therefore, a role may have zero, one, or more than one parent roles.

Posted by Darby Felton (darby) on 2007-07-31T11:59:36.000+0000

I see that the intent is to fetch all ancestors (i.e., parents, grandparents, and so on) of a role or resource. Though this is fine, the results hide the actual data structure. For example, it is not apparent whether a returned "parent" resource is actually a parent, the parent of a parent, and so on.

Further, for what purpose is such information useful, I'm curious? That is, what use case requirements do these new methods help to meet?

Posted by Sorin Alin Stoiana (sorin) on 2007-08-01T14:24:01.000+0000

It seems logical to be able to interrogate the Acl object once created, to meet the needs of (say) a CMS, where roles, resources and permissions vary dynamically to match the structure of the content.
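The distinction raised in the comments above (resources form a tree, roles form a DAG, and a flat ancestor list hides how far away each ancestor is) can be shown with a small standalone model. This is an added example, not code from the thread or from the library under discussion; the role and resource names and both function names are hypothetical.

```python
from collections import deque

# Constructed sample data: each role maps to its direct parents.
# A role may have several parents, so the structure is a DAG.
ROLE_PARENTS = {
    "guest": [],
    "member": ["guest"],
    "editor": ["member"],
    "moderator": ["member"],
    "admin": ["editor", "moderator"],
}

# Constructed sample data: each resource has at most one parent (a tree).
RESOURCE_PARENT = {"site": None, "blog": "site", "blog/post-1": "blog"}


def role_ancestors(role, parents=ROLE_PARENTS):
    """Return {ancestor: distance}; distance 1 means a direct parent.

    Breadth-first traversal, so an ancestor reachable along several
    paths is reported once, at its shortest distance.
    """
    distance = {}
    queue = deque((p, 1) for p in parents[role])
    while queue:
        name, depth = queue.popleft()
        if name == role:
            raise ValueError(f"role {role!r} inherits from itself")
        if name in distance:
            continue  # already reached by a path that is no longer
        distance[name] = depth
        queue.extend((p, depth + 1) for p in parents[name])
    return distance


def resource_ancestors(resource, parent=RESOURCE_PARENT):
    """Return the single chain of ancestors, nearest first."""
    chain, seen = [], {resource}
    current = parent[resource]
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle at resource {current!r}")
        seen.add(current)
        chain.append(current)
        current = parent[current]
    return chain
```

Returning the distance alongside each role keeps direct parents distinguishable from more distant ancestors, which matters when reviewing which permissions a role inherits and from where.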